Cyber Defense Advisors

Month: February 2024

  • by
  • February 5, 2024

Hands-On Review: SASE-based XDR from Cato Networks

Companies are engaged in a seemingly endless cat-and-mouse game when it comes to cybersecurity and cyber threats. As organizations put up one defensive block after another, malicious actors kick their game up a notch to get around those blocks. Part of the challenge is to coordinate the defensive abilities of disparate security tools, even as […]

Cyber News
  • by
  • February 5, 2024

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan

The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group’s Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been publicly confirmed as targeted, out of whom six had their devices compromised with the […]

Cyber News
  • by
  • February 5, 2024

New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw

The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a report published last week. Propagated via […]

Cyber News
  • by
  • February 3, 2024

U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The officials include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin 

Cyber News
  • by
  • February 3, 2024

Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account

The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. “Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account,” the maintainers said in a terse advisory. The vulnerability, tracked as CVE-2024-23832, has a severity rating of […]

Cyber News
  • by
  • February 3, 2024

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities. “We have revoked all security-related certificates and […]

Cyber News
  • by
  • February 2, 2024

Friday Squid Blogging: Illex Squid in Argentina Waters

Argentina is reporting that there is a good population of illex squid in its waters ready for fishing, and is working to ensure that Chinese fishing boats don’t take it all. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my […]

Cyber News
  • by
  • February 2, 2024

David Kahn

David Kahn has died. His groundbreaking book, The Codebreakers was the first serious book I read about codebreaking, and one of the primary reasons I entered this field. He will be missed. EDITED TO ADD (2/4): Funeral website. EDITED TO ADD (2/10): New York Times obituary. Tags: books, cryptanalysis, history of cryptography Sidebar photo of […]

Cyber News
  • by
  • February 2, 2024

FTC slams Blackbaud for “shoddy security” after hacker stole data belonging to thousands of non-profits and millions of people

Data and software services firm Blackbaud’s cybersecurity was criticised as “lax” and “shoddy” by the United States Federal Trade Commission (FTC) in a damning post-mortem of the business’s February 2020 data breach. Read more in my article on the Hot for Security blog. 

Cyber News